MY SETUP
OpenLdap version 2.x 
qmail 

openldap /etc/openldap/ldap.conf (given below)
openldap /etc/openldap/slapd.conf (given below)
openldap /etc/openldap/schema/core.schema (attached)
qmail /var/qmail/qmail-1.03
 
openca-0.9-RC2.tar.gz 
untarred in /usr/local/
configuration is as per "setup" file (given below)
 
Before executing ./setup file I removed the default openca.ldif and slapd.conf
with my files - which are attached.
/usr/local/openca-0.9.0/contrib/openca/structure.ldif (renamed it as
openca.ldif)
/usr/local/openca-0.9.0/contrib/openca/slapd.conf
 
I have deleted all the files from 
/usr/local/openca-0.9.0/src/modules/perl-ldap-0.25/data/
Except cert.pem and key.pem ---- WHY are they required ???

Then after this I executed the ./setup file to configure the openca
Then I installed all five components on the same machine:
make install-ca
make install-ra
make install-pub
make install-online
make install-ldap
 
I have configured my apache for three virtual hosts.
 
The following services are running on my server
tcpserver
qmail-send
slapd
httpd

==========================MY QUERY========================
WHY AM I NOT ABLE TO ADD DATA TO LDAP?
IN THE LDAP INTERFACE, WHEN I CLICK ON A LINK (CA-CERTIFICATES / CERTIFICATES /
CRL) UNDER UPDATE LDAP, I GET THE FOLLOWING OUTPUT:
-----------------------------------------------
Updating certificates on the LDAP server
(Please wait until operation completes)

Exporting valid certificates to LDAP ...Information of the Object:
dn serialNumber=01,CN=sonu kishore mehrotra,OU=Internet,O=sonu.co.in,C=IN
cn sonu kishore mehrotra
serID 1
email [EMAIL PROTECTED]
ou ARRAY(0x898181c)
o sonu.co.in
l 
st 
c IN
End of the information of the Object.
element of baseDN: ou=members
element of baseDN: o=sonu.co.in
element of the inserted DN: serialNumber=01
element of the inserted DN: CN=sonu kishore mehrotra
element of the inserted DN: OU=Internet
element of the inserted DN: O=sonu.co.in
element of the inserted DN: C=IN
Checking RootDN of Certificate ...
Inserted DN BaseDN
h_basedn: sonu.co.in
h_dn: IN
h_basedn_attribute: o
h_dn_attribute: C
dn conflicts with basedn
Certificate 1 FAILED
Removing revoked certificates from LDAP ...
Removing suspended certificates from LDAP ...
=========================================
Exporting valid ca-certificates to LDAP ...
(Please wait until operation completes)

Checking for a special DN where to store CA-certificates ... 
Special DN is "ou=members, o=sonu.co.in, c=IN"
Adding valid CA-certificates to the LDAP server ...Information of the Object:
dn ou=members, o=sonu.co.in, c=IN
cn Manager
serID 0
email [EMAIL PROTECTED]
ou ARRAY(0x8974164)
o sonu.co.in
l 
st 
c IN
End of the information of the Object.
element of baseDN: ou=members
element of baseDN: o=sonu.co.in
element of the inserted DN: ou=members
element of the inserted DN: o=sonu.co.in
element of the inserted DN: c=IN
Checking RootDN of Certificate ...
Inserted DN BaseDN
h_basedn: sonu.co.in
h_dn: IN
h_basedn_attribute: o
h_dn_attribute: c
dn conflicts with basedn
addLDAPattribute: DN= ou=members, o=sonu.co.in, c=IN
attr: cACertificate;binary
LDAP Searchfilter: (cACertificate;binary=*)
LDAP Search Mesg-Code 32
LDAP Search Mesg-Count 0
Search for the attribute failed. 
Certificate 0 FAILED
====================================================

Would really appreciate your guidance and help
Regards

Sonu

========================my config files=====================
structure.ldif file
------------------
 dn: ou=members, o=sonu.co.in
 objectClass: top
 objectClass: Organization
 o: sonu.co.in
 description: sonu.co.in ldap server
 
 ==============================
 
 slapd.conf file
 -------------------
 # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
 #
 # See slapd.conf(5) for details on configuration options.
 # This file should NOT be world readable.
 #
 include                /etc/openldap/schema/core.schema
 include                /etc/openldap/schema/cosine.schema
 include                /etc/openldap/schema/inetorgperson.schema
 #include               /etc/openldap/schema/nis.schema
> #include              /etc/openldap/schema/redhat/rfc822-MailMember.schema
> #include              /etc/openldap/schema/redhat/autofs.schema
> #include              /etc/openldap/schema/redhat/kerberosobject.schema
> 
> # Define global ACLs to disable default read access.
> 
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral     ldap://root.openldap.org
> 
> #pidfile      //var/run/slapd.pid
> #argsfile     //var/run/slapd.args
> 
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile   /var/lib/ldap/master-slapd.replog
> 
> # Load dynamic backend modules:
> # modulepath  /usr/sbin/openldap
> # moduleload  back_ldap.la
> # moduleload  back_ldbm.la
> # moduleload  back_passwd.la
> # moduleload  back_shell.la
> 
> #
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
  TLSCertificateFile /usr/share/ssl/certs/slapd.pem
  TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> #
> # Sample Access Control
> #     Allow read access of root DSE
> #     Allow self write access
> #     Allow authenticated users read access
> #     Allow anonymous users to authenticate
> #
> #access to dn="" by * read
> #access to *
> #     by self write
> #     by users read
> #     by anonymous auth
> #
> # if no access controls are present, the default is:
> #     Allow read by all
> #
> # rootdn can always write!
> 
> #######################################################################
> # ldbm database definitions
> #######################################################################
> 
> database      ldbm
> suffix                "ou=members,o=sonu.co.in"
> #suffix               "o=My Organization Name,c=US"
> rootdn                "cn=Manager,ou=members,o=sonu.co.in"
> #rootdn               "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw                secret
> # rootpw              {crypt}ijFYNcSNctBYg
> # The database directory MUST exist prior to running slapd AND 
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> #directory    /var/lib/ldap
> directory     /usr/local/ldap
> # Indices to maintain
> #index        objectClass,uid,uidNumber,gidNumber,memberUid   eq
> #index        cn,mail,surname,givenname                       eq,subinitial
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> #     bindmethod=sasl saslmech=GSSAPI
> #     [EMAIL PROTECTED]
> 
> ===========================================================================
> 
> ldap.conf file
> ------------------
> # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
> #
> # LDAP Defaults
> #
> 
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
> 
> BASE  ou=members, o=sonu.co.in
> HOST 172.16.16.16:389
> #URI  ldap://ldap.example.com ldap://ldap-master.example.com:666
> 
> #SIZELIMIT    12
> #TIMELIMIT    15
> SIZELIMIT     0       
> TIMELIMIT     0
> #DEREF                never
> 
> =======================================================================
> 
> setup file
> ---------------
> 
> #! /bin/sh
> ./configure \
>   --with-httpd-user=httpd \
>   --with-httpd-group=websrc \
>   --with-openca-user=httpd \
>   --with-openca-group=websrc \
>   --with-exec-prefix=/home/httpd \
>   --with-openssl-prefix=/usr/local/ssl \
>   --with-scep-openssl-prefix=/usr/local/ssl \
>   --with-web-host=172.16.16.16 \
>   --with-ca-organization="sonu.co.in" \
>   --with-ca-locality="mumbai" \
>   --with-ca-country="IN" \
>   --with-ldap-url=172.16.16.16 \
>   --with-ldap-port=389 \
>   --with-ldap-root="cn=Manager,ou=members,o=sonu.co.in" \
>   --with-ldap-root-pwd="secret" \
>   --enable-db \
>   --disable-dbi \
>   --prefix=/home/httpd \
>   --with-service-mail-account="[EMAIL PROTECTED]"
> 
> ====================END==================
> 
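
The "dn conflicts with basedn" lines in the output above print the rightmost element of the inserted DN (C=IN) next to the rightmost element of the base DN (o=sonu.co.in). As an added example, not part of the original post and not OpenCA's code, the Python below runs that kind of right-to-left suffix check on the DNs from the post; the function names are hypothetical and the comparison rule is an assumption inferred from the log.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs, leftmost RDN first."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):      # split on unescaped commas only
        attr, sep, value = part.partition('=')
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        # Attribute types and these string values compare case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def suffix_conflict(entry_dn, base_dn):
    """Return None if entry_dn lies at or below base_dn, else the first
    mismatching (base_rdn, entry_rdn) pair, compared from the rightmost RDN."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    for i in range(1, len(base) + 1):
        entry_rdn = entry[-i] if i <= len(entry) else None
        if entry_rdn != base[-i]:
            return base[-i], entry_rdn
    return None

# Values copied from the post.
BASE_DN = "ou=members, o=sonu.co.in"
CERT_DN = "serialNumber=01,CN=sonu kishore mehrotra,OU=Internet,O=sonu.co.in,C=IN"
CA_DN = "ou=members, o=sonu.co.in, c=IN"
# Constructed for illustration: a DN that does sit under the suffix.
SAMPLE_OK_DN = "cn=sample entry,ou=members,o=sonu.co.in"

def report(entry_dn, base_dn=BASE_DN):
    """Human-readable result of the suffix check for one DN."""
    conflict = suffix_conflict(entry_dn, base_dn)
    if conflict is None:
        return f"OK: {entry_dn} is under {base_dn}"
    (b_attr, b_val), entry_rdn = conflict
    got = "nothing" if entry_rdn is None else "=".join(entry_rdn)
    return f"CONFLICT: base has {b_attr}={b_val}, entry has {got}"

if __name__ == "__main__":
    for dn in (CERT_DN, CA_DN, SAMPLE_OK_DN):
        print(report(dn))
```

Both DNs from the post end in c=IN, which the suffix "ou=members,o=sonu.co.in" in slapd.conf does not contain. LDAP result code 32 in the search output is noSuchObject.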


_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel